Cruxer (OP)
Full Member
 Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
 |
June 03, 2015, 08:26:24 AM |
|
I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet. |
|
|
|
|
erpbridge
Legendary
Offline
Activity: 954
Merit: 1000
|
|
June 03, 2015, 09:00:45 AM |
|
I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet. Yes I suppose thats what he meant. When I visit a dice site, the most important thing for me would be to verify bets immediately. Another thing that comes to my mind is the fact that the "My Bets" tab on the site shows only around 20 recent bets. I suppose you would show the rest being archived. But unless I am recording the session it would be difficult for me to actually verify that the archived bets were actually what happened. |
|
|
|
|
|
Havelivi
|
|
June 03, 2015, 09:24:37 AM |
|
I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet. he is asking to put simple verification method that are mostly gambling sites are using at the moment like Primedice, Dadice and many more like "serverseed, clientseed, nonce" that provably fair system is easy to understand to most players and easy to understand because of nonce we can know there is no skip to manipulate the bet result, i hope you can understand what verification he is talking about. |
|
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1295
DiceSites.com owner
|
|
June 03, 2015, 10:06:38 AM |
|
I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet. Yes and no. I guess you can have: - serverseed, clientseed, secret (you have this now?) - serverseed, clientseed - serverseed, clientseed, nonce The first one is bad because people need to wait. The second one is bad because it requires the seeds to be different each roll you make, which makes verifying much more difficult and time consuming - even though it is instant. The third one is the most popular and best way, the same seeds are used over many many rolls until the player decides to reset the serverseed and see the revealed unhashed seed to verify _all_ the previous rolls in 1 time. |
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 03, 2015, 12:00:00 PM |
|
Yes and no. I guess you can have:
- serverseed, clientseed, secret (you have this now?)
- serverseed, clientseed
- serverseed, clientseed, nonce
The first one is bad because people need to wait. The second one is bad because it requires the seeds to be different each roll you make, which makes verifying much more difficult and time consuming - even though it is instant. The third one is the most popular and best way, the same seeds are used over many many rolls until the player decides to reset the serverseed and see the revealed unhashed seed to verify _all_ the previous rolls in 1 time.
So first one (which we have currently) is bad (can be better). We will change it again after midnight (to give users ability to verify bets from current day). Second one we had before, but both client seed and server was revealed (critical design flaw) before the game began. Server seed should be revealed after game, to not be able predict game results. Third one, i can't wrap head around how it is faster to verify this than second method. After thinking a while its because you need to only copy one value from game (nonced client seed) while you always have (untill you change it) nonced server seed in script already. If i got above correctly, we are ready to put third method live after midnight. "My Bets" tab on the site shows only around 20 recent bets. I suppose you would show the rest There will be added "Bet browser in Provably Fair tab". But you would need to know bet ID to pull out older game. How current popular sites do that? I would think of maybe option to pull out in simple text form list of last 200 bets for example with data <bet id>|<server seed>|<client seed - nonce> to be able to verify in quick way many bets quickly. |
|
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1295
DiceSites.com owner
|
|
June 03, 2015, 12:08:24 PM |
|
Third one, i can't wrap head around how it is faster to verify this than second method. After thinking a while its because you need to only copy one value from game (nonced client seed) while you always have (untill you change it) nonced server seed in script already. Yes. Let's do 10 bets w/o and w/ nonce: Serverseed per roll without nonce1. Click to see serverseed hash & copy it, change clientseed, make bet. 2. Verify if hash was really correct and check bet result. 3. Click to see serverseed hash & copy it, change clientseed, make bet. 4. Verify if hash was really correct and check bet result. 5. Click to see serverseed hash & copy it, change clientseed, make bet. 6. Verify if hash was really correct and check bet result. 7. Click to see serverseed hash & copy it, change clientseed, make bet. 8. Verify if hash was really correct and check bet result. 9. Click to see serverseed hash & copy it, change clientseed, make bet. 10. Verify if hash was really correct and check bet result. 11. Click to see serverseed hash & copy it, change clientseed, make bet. 12. Verify if hash was really correct and check bet result. 13. Click to see serverseed hash & copy it, change clientseed, make bet. 14. Verify if hash was really correct and check bet result. 15. Click to see serverseed hash & copy it, change clientseed, make bet. 16. Verify if hash was really correct and check bet result. 17. Click to see serverseed hash & copy it, change clientseed, make bet. 18. Verify if hash was really correct and check bet result. 19. Click to see serverseed hash & copy it, change clientseed, make bet. 20. Verify if hash was really correct and check bet result. Serverseed with nonce1. Click to see serverseed hash & copy it, change clientseed, make bet. 2. Make bet. 3. Make bet. 4. Make bet. 5. Make bet. 6. Make bet. 7. Make bet. 8. Make bet. 9. Make bet. 10. Make bet. 11. Get new serverseed hash to reveal old serverseed, verify hash and check bet results. |
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 03, 2015, 01:27:41 PM |
|
After consideration we will implement 3rd mehod with nonce as NLNico suggested.
NLNico will you verify our implementation of 3rd method tommorow? (will write here as soon it will be ready)
RHavar from what you are writing i predict you also have tech knowledge to verify our implementation. Hope you can do it also.
|
|
|
|
|
|
a1choi
|
|
June 03, 2015, 03:54:43 PM |
|
One extra benefit of going nonceless is that it is hugely easier to verify each bet with a script (or verify the script) as there's no history (bet direction, bet size, result) to accumulate, you can just on-demand verify each bet.
Not sure if you're talking about the 2nd method here (nonceless), but i would find this system provably, but not fair. As, it could be possible that the user does not update his client seed while the serverseed will update after every bet. If the operator is unscrupulous, he could take advantage of the users that don't change their client seed as often, and find a serverseed pair that will have an advantage, assuming that the user does not change his betting % or hi/lo option. of course this would require some work on the operator's part as well as some added technical knowhow, but i could see something like this being done. |
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 04, 2015, 12:26:33 AM
Last edit: June 04, 2015, 01:20:35 AM by Cruxer |
|
After over 4 hours of non-stop programming Quincunx provably fair system with nonce is finished.
Please verify our implementation (only Quincunx game), its based on primedice system.
If verification will be positive, we will implement it also in poker.
|
|
|
|
|
OgNasty
Donator
Legendary
Offline
Activity: 4816
Merit: 4501
Leading Crypto Sports Betting & Casino Platform
|
|
June 04, 2015, 01:33:04 AM |
|
Cool game. I donated 0.03 BTC.  |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 04, 2015, 01:38:42 AM |
|
Cool game.
Thank you for kind words, we have just started so its great motivation to continue. We have big plans so stay tuned  |
|
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1295
DiceSites.com owner
|
|
June 04, 2015, 02:24:48 AM |
|
After over 4 hours of non-stop programming Quincunx provably fair system with nonce is finished.
Please verify our implementation (only Quincunx game), its based on primedice system.
If verification will be positive, we will implement it also in poker.
It seems like the idea is good now. But unfortunately there is still a mistake and the site is still not provably fair  When a player changes the clientseed, you give a new serverseed. This means you could calculate bad results based on these seeds. The idea of a clientseed is that there is a variable in the calculation which the site doesn't know in advance and therefor cannot predict the results in advance. 2 options: 1. When someone sets the clientseed, you should keep the same hash (and don't reset the nonce or else player can cheat.) And then there should be a separate button to "request new serverseed" that also resets the nonce. 2. OR show the "next serverseed hash" already when setting the new clientseed (that is actually what PD does.) Truthfully I didn't fully test the provably fair method but this is what I saw already. |
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 04, 2015, 09:23:28 AM |
|
When a player changes the clientseed, you give a new serverseed. This means you could calculate bad results based on these seeds. The idea of a clientseed is that there is a variable in the calculation which the site doesn't know in advance and therefor cannot predict the results in advance. 2 options:
1. When someone sets the clientseed, you should keep the same hash (and don't reset the nonce or else player can cheat.) And then there should be a separate button to "request new serverseed" that also resets the nonce.
2. OR show the "next serverseed hash" already when setting the new clientseed (that is actually what PD does.)
I think we already do have this second method. Player know in advance next server seed hash (below SET button, need to click Next server seed (hash) to reveal it). |
|
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1295
DiceSites.com owner
|
|
June 04, 2015, 09:34:00 AM |
|
Ah you are correct. Although that link is very small lol, I would probably display it slightly different. Anyway, seems technically okay then, although I didn't actually calculate the results and didn't check the details (just had quick look only.) But yeh, nice job improving it already.
|
|
|
|
|
tsoPANos
|
|
June 04, 2015, 10:44:18 AM |
|
Any impressions from the provably fair system?
|
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 04, 2015, 11:45:29 AM |
|
Ah you are correct. Although that link is very small lol, I would probably display it slightly different. Anyway, seems technically okay then, although I didn't actually calculate the results and didn't check the details (just had quick look only.) But yeh, nice job improving it already.
Thank you. I moved this link to bottom of Provably Fair tab, underlined it, bigger font. Hope it will fit better there Also removed couple bugs that could affect verification process, maybe its good that you have waited with full verification. Any impressions from the provably fair system?
Better from impression will be full verification of Quincunx provably fair system on real bet examples . |
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 05, 2015, 12:00:27 AM |
|
We got info on site chat, that there is still critical bug in quincunx that lets you predict coin path before betting.
While we are working hard to verify this information, it would be helpfull to also someone else give it a look. Like they say, four pair of eyes are better than two.
This can be bogus report, but reports like this must be checked carefully.
One indication that it could be true is one user, that hit on quincunx red table 130x in first real bet, then again between ~20 bets... chance for x130 on red table is around 1 to 25000.
|
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 05, 2015, 01:43:13 AM |
|
RHavar thank you for this post, many usefull informations If you're asking for help, it probably would help if you tell us the report details, otherwise we're flying blind =) There was not many details, thats the problem, since this user wanted serious BTC for disclosure of this information. He said there are two security flaws. One severe and one very very severe. After some talk he gave couple hints. First that this very very severe one is about quincunx predicting coin path. Second one after further talk turned out to be hard to exploit CSRF in one function. We found it right away and its already fixed. Giving that his one bug report was true, second could be also. Anyway, only possible way of cheating in quincunx i could think of, would be to know current server seed in non hashed way. For example trivial mistake after reworking provably fair system, one place could be showing current server seed in non hashed way that should be hashed now. Finishing checking this. dealing with the uncertainty if it was real or legitimate It is hard, even more since first day design flaw which allowed user to calculate result before game. Ended without any harm, but we check everything twice now. It's a weekly occurrence that someone brings up a really unusual streak Yeah statistics is like that, you can have 50% chance for either 1 or 0, and get 1 for twenty times straight. Because of that very often people conclusion is that site is rigged, seen that many times on dice sites. I saw earlier you had a max win of almost 50 BTC. Max bet was 0.05 and it was lowered around ~14 hours ago to 0.01 temporary. Our provably fair system need 3rd party verification first, for safety of players and site itself. It will be raised when we will be 100% sure of our provably fair system. |
|
|
|
|
VRNBY
Newbie
Offline
Activity: 2
Merit: 0
|
|
June 05, 2015, 02:04:52 AM |
|
Sorry for my English . You do not even give me 0.5 BTC for responsible disclosure , and would only pay 0.1 BTC . I even gave a serious problem for free , and this is my job to eat.
Now you say you can pay 50 BTC winners per game , but you can not pay me 1 / 100th of it to help your security.
My time is too valueable to be wasted in this and has made it clear for the next person to find it more profitable to abuse your site getting insulted by your tiny bounties
|
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 05, 2015, 02:13:26 AM
Last edit: June 05, 2015, 08:35:29 AM by Cruxer |
|
Sorry for my English . You do not even give me 0.5 BTC for responsible disclosure , and would only pay 0.1 BTC . I even gave a serious problem for free , and this is my job to eat.
Now you say you can pay 50 BTC winners per game , but you can not pay me 1 / 100th of it to help your security.
My time is too valueable to be wasted in this and has made it clear for the next person to find it more profitable to abuse your site getting insulted by your tiny bounties
Your english is fine. We don't have official bug bounty, but your messages on chat sounded dangerously close to extortion or even blackmail. Give me 1.5 BTC or someone will abuse this bug and you will loose more. Well how you could treat someone serious after something like that. |
|
|
|
|
|
